Purpose of personal firewalls?

[g3neration]

The ignorance of Mr Joe means that he will be exposed... I would recommend to anyone like Mr Joe who wanted to get computer saavy to check out firewalls and install one. Not only should it block all services by default and enhance security, but Mr Joe starts to learn that his computer does a lot more than what he can click and type.

Ah, I may know to block services granted and Joe doesnt. But its not a big deal to learn what services to turn off and what not. If Joe was really worried about attacks from external sources and he invested time doing his homework about firewalls, then I'm assuming its equally as easy to do some research in what services/processes/whatever he should turn off. Then he could save his money. One doesnt need to be computer savvy to read some info.

Wouldnt it be worse if Joe got some personal firewall, lets say Norton or Mcafee since they spend a bit of money in advertising. He installs it. A pop up appears saying something wants to connect to somewhere. He probably has no idea what the thing is saying so he'll just click ok. 2nd pop up, 3rd pop up, well I'm sure hes a bit annoyed by now. So he'll just either click ok for everything or just turn the damn thing off. ( BTW this is a real life expierence as I get annoyed easily by so many popups ) So not only has he spent money but now his system is just as "unprotected" as if he didnt have the firewall.

[alleyCat]

Originally posted here by g3neration
If Joe was really worried about attacks from external sources and he invested time doing his homework about firewalls, then I'm assuming its equally as easy to do some research in what services/processes/whatever he should turn off. Then he could save his money. One doesnt need to be computer savvy to read some info.

I would say one who read some info, understood and applied it as on their way to being savvy... not advanced and definately not expert but at least savvy... now we are arguing over semantics...

Originally posted here by g3neration
Wouldnt it be worse if Joe got some personal firewall, lets say Norton or Mcafee since they spend a bit of money in advertising. He installs it. A pop up appears saying something wants to connect to somewhere. He probably has no idea what the thing is saying so he'll just click ok. 2nd pop up, 3rd pop up, well I'm sure hes a bit annoyed by now. So he'll just either click ok for everything or just turn the damn thing off. ( BTW this is a real life expierence as I get annoyed easily by so many popups ) So not only has he spent money but now his system is just as "unprotected" as if he didnt have the firewall.

well not worse... but definately no better than before! I wouldn't call this Joe savvy. He just wasted his money. Esp if he was reading on the internet before hand and didn't even find a free software firewall or two... sounds like ignorance would have been bliss for that Joe...

And I know I've felt this way when I have friends/family ask me "What is this pop up for?" a billion times... indeed.

Al

[Broomiebar]

Thats one thing that I'm still wondering about. Would you really need a host/personal firewall? In my case I'm kind of paranoid and I like to know what dials out, but for most of your non-technical or even technical users, do you really need a firewall on a host system?

Hmm...

Dude... if you're redesigning a new network, then just think about when
you had your first new car, you bought it and it looks all great, and then one day,
someone steals it, you go..oh...oh ...I wish I installed a car alarm.


Your computer is like your car,
and your firewall is like your car alarm.

C ya,
B.B

[catch]

Application level firewalls are bad... always, always, always bad.

Myth 1:
They effectively protect the system from external attacks in case other systems on the network are compromised.
Reality 1:
Application level firewalls work by determining what applications/services can connect and be connected to. In an internal, where there is considerable sharing of data (Active Directory, file shares, etc) the same applications and services which share this data will e the obvious attack vectors. The application firewall will treat these communications as normal

Myth 2:
They effectively protect the system from external attacks in case the primary network firewall fails.
Reality 2:
In the event of a primary firewall failure, the attacker can use the standard communication paths to and from the firewall as attack vectors into the "protected" system. Additionally, the attacker may use more passive techniques of data diddling within the primary firewall to leverage greater access, more information, etc.

Myth 3:
They effectively deal with spyware, adware, viruses, trojan horses, etc ("malware").
Reality 3:
If the local user has sufficient rights to alter the system's configuration (which they must to install the malware in the first place) then any malware must be assumed to have the same rights. Consequently complete/selective disabling of the firewall is a trivial manner.

Considering these myths... you should see that application level firewalls are NEVER a good solution. Never in any environment, be it Zurich Financial Services' corporate HQ or Grandma's den.

If you have no services to offer... skip the firewall altogether. If you do have services, getting a nice firewall appliance might be a good investment or just the filtering built in with your OS. odds are you don't need much more than the simple ability to block a few ports from outsiders.

An application firewall will give you a false sense of security, be a waste of time, effort, and anything else you invest in it. Multiple application firewalls in a private network.. is just a joke, and a bad joke at that. This is a simple matter of problem definition and verification... the fact of the matter is that application firewalls don't do the job they are designed to do.

cheers,

catch

psst. Woohoo, only three more posts... maybe I should end with a tutorial... what do you think:

"How to: Argue intelligently against Linux & Windows"
or
"Understanding OASIS"